Update on Brave being flagged as malware (false positive) by Kaspersky Anti-Virus

kaspersky

#1

Hello everyone!

As you may know, many users attempting to install or update Brave on their machine have had Kaspersky flag it as “malicious or harmful content”. We first received reports of this all the way back in September when we opened our Beta channel to the public.

We have been in contact with Kaspersky for quite some time. Correspondence has taken a while and we apologize for the wait and inconvenience. However, we were recently notified by Kaspersky that they’ve scanned all the necessary binaries and cleared Brave as “safe”.

Users should already begin to see this change reflected and Brave should no longer be flagged by Kaspersky AV when downloaded, installed or updated. :tada::tada::tada:

The fix should apply to any and all release channels/binaries available on our GitHub. While it looks like this long-standing issue is coming to a close, it’s very important you notify us should Kaspersky block your Brave install.

If you find that this is the case for you, please reply to this thread and include:

  1. What action triggered Kaspersky (were you downloading Brave, updating, installing different build, etc)
  2. Your Operating System
  3. Brave version (Channel/build [Release, Beta, Developer] and version number)
  4. Any error messages or logs displayed (screenshots would be ideal if possible)

Note: Please only reply to this thread if you’re still encountering the issue. It’s purpose is to announce the fix and track anyone who may still be encountering it. Posts about anything else - even if related to Kaspersky - will be removed. If you have a related issue you’d like to bring up, please create a new topic or message me directly (@Mattches)

Relevant Community Threads:
Auto-updater for Dev builds is detected as trojan by Kaspersky Antivirus
Brave infected with malware
Kaspersky 19 and Brave 0.58.16
Kaspersky Internet Security blocks and erases Brave
Latest version of Brave flagged as malware by Kaspersky Antivirus
Brave installer triggers Kaspersky Free
Error on yesterday's update
Installer failed to uncompress archive
[KTS19] detecting [BraveSoftware][tor-0.3.4.9-win32-brave-0]


Panda Picks Up a Brave "Virus" Every Week
pinned #2

#3
  1. What action triggered Kaspersky (were you downloading Brave, updating, installing different build, etc)
    Installing
  2. Your Operating System
    Windows 10 1809 build 17763.253
  3. Brave version (Channel/build [Release, Beta, Developer] and version number)
    Beta - BraveBrowserBetaSetup.exe v 1.3.99.0
  4. Any error messages or logs displayed (screenshots would be ideal if possible)
    Installer Stub downloads files but during installation Kaspersky detects and blocks the setup.exe. The actual setup.exe file is deleted so I don’t know the version number. Edit - checked Github and this is beta v0.59.28
    Kaspersky database was updated 1 hour ago.
    Screenshots
    2019-01-25%2013_52_15-AlertWindow
    Please let me know if more info is required. Thanks

Issues raised in Brave Forum
Kaspersky [KTS19(d)] detecting Brave Installer as malware: PDM:Trojan.Win32.Generic
#4

Hello,

Just installed the latest Kaspersky Free and during a full scan I got this:

Imgur

Windows 10 (64-bit) - 1809 build 17763.253
Brave - Version 0.58.21 Chromium: 71.0.3578.98 (Official Build) (64-bit)
Kaspersky Free - Version 19.0.0.1088(d)


#5

@preacher65, @tonialb thank you for reporting here. Really appreciate it.
I’m going to go make some noise at them about this now.


#6

Morning Mattches,
As you know I’ve been engaged with K re their detecting: Brave installer & Brave Tor as malware.
I removed Brave TOTALLY, using many tools, including manual stripping, then re-installed: yesterday:
Windows 10 (64-bit) - 1809 build 17763.134
Brave -Version 0.58.21 Chromium: 71.0.3578.98 (Official Build) (64-bit)
Kaspersky Total Security - Version 19.0.0.1088(d)

https://www.virustotal.com/#/file/0373236d29a866642a51117cd61d507eead2b1c37707c960c4cb71ead6df3c95/detection

K’s advice: select (tell KTS19) to “Ignore” the detection, does not work as K continues to define object as malware…

The ref: INC000009990560, is the incident # logged with Kaspersky, as per previous, I’ve submitted traces, GSI, cfg, screen dumps…

It may be this topic [ Update on Brave being flagged as malware (false positive) by Kaspersky Anti-Virus]is specific to [Brave installer], in which case you may wish to move my post, please do so if necessary.

I’d like to be able to say hooray to [Kaspersky scanned all necessary binaries and cleared Brave as “safe"] but, been down that road before, Kaspersky’s definition of [safe] changes like the wind.


#7

Decided to test [BraveBrowserBetaSetup],

Windows 10 (64-bit) - 1809 build 17763.134
BraveBeta - Version 1.3.99.0
Kaspersky Total Security - Version 19.0.0.1088(d)

Kaspersky immediately: detects/blocks/deletes the install:

:speak_no_evil:


#8
  1. What action triggered Kaspersky (were you downloading Brave, updating, installing different build, etc)
    Installing, Update
    *Update : it seems that the setup file is generated in temp folder which was also marked as malware.
  2. Your Operating System
    **Windows 10 1809 build 17763
  3. Brave version (Channel/build [Release, Beta, Developer] and version number)
    **Beta - Brave browser beta Version 0.59.28
  4. Any error messages or logs displayed (screenshots would be ideal if possible)
    Detect as malware everytime i tries to install or update. The brave browser will not update if my kaspersky block with error 0x80080005 when updating.
    Screenshots


#9

Hey everyone,
We recently released an update to v0.59.34 on release channel. Sorry to keep asking, but would everyone mind testing/confirming if Brave is still flagged after the update?


#10

Hey Mattches, Brave Support/Community:

The Kaspersky saga continues:

  1. https://forum.kaspersky.com/index.php?/topic/404571-brave-browser-gets-flagged-as-malware/&
    Sun 03/02/19, approx 21:30: Mikhail Shakhov: Senior Technical Support Engineer, posted: “tested Brave browser: 1.3.99.0 from: https://brave.com/”, unable to replicate detection, **assumed**it was a false detection, which has already been fixed."

Not a proof positive test as it’s not testing the reported source/s.

  1. https://forum.kaspersky.com/index.php?/topic/404571-brave-browser-gets-flagged-as-malware/&page=2
    14:40 04/02/2019: kojo+oi: Kelly, Edward {Ned}: Kaspersky Forum Moderators: posted:
    “We noticed in test Kaspersky 2019 detects Brave Browser in full scan”.

No replication detection details provided.
I’ve requested same.


#11

Update on previous post:
kojo+oi: Kelly, Edward {Ned}: Kaspersky Forum Moderators: has advised he/she was reporting the Brave “Tor” detection (also a known issue) but not “Brave browser installer.exe” / Kaspersky detection😒


#12

Hey guys,

Just for info, I removed Kaspersky from my PC! Apart from the known issue with Brave, another reason was, it didn’t play nice on Firefox, my 2nd browser which I use. When a piece of software install an extension and it does’t give me an option to remove it, I call that “a spyware”! :rage: